5/3/2012 ms

SEMINAR ON NETWORK SECURITY

Sachin Padiyar 07-538
Hemant Jain 07-522
Harshad Kamble 07-527

Presentation Content
• Introduction
• What is Internet?
• What do we need to protect?
• Threat Motivation
• Attack Types
• Security Objectives
• Security mechanisms

INTRODUCTION
Network Security refers to any activities designed to protect your network. Specifically, these activities protect:
• Usability
• Reliability
• Integrity
• Safety
of your network and data.

What is Internet?
• The Internet is a worldwide IP network that links a collection of different networks from various sources: governmental, educational and commercial.

What do we need to protect
• Data
• Resources
• Reputation

Threat Motivation
• Spy
• Joyride
• Ignorance
• Revenge
• Greed
• Terrorist

TYPES OF NETWORK SECURITY
• CLIENT-SERVER SECURITY
• DATA & TRANSACTION SECURITY

TYPES OF NETWORK SECURITY
• CLIENT-SERVER SECURITY
  Uses various authorization methods to make sure that only valid users and programs have access to information resources.
• DATA & TRANSACTION SECURITY
  Ensures privacy and confidentiality in electronic messages and data packets, including the authentication of remote users in network transactions.

PROBLEMS OF CLIENT-SERVER SECURITY NETWORK
• PHYSICAL SECURITY HOLES
• SOFTWARE SECURITY HOLES
• INCONSISTENT SECURITY HOLES

ITS PROTECTION METHODS
• TRUST BASED SECURITY
• PASSWORD SCHEMES
• BIOMETRIC SYSTEMS

EMERGING CLIENT-SERVER THREATS
• SOFTWARE AGENTS & MALICIOUS CODE
  – VIRUSES
  – TROJAN HORSES
  – WORMS
• HACKERS

Types of hackers
• Passive
• Active

PASSIVE hackers
A passive intruder attempts to learn or make use of information from the system but doesn't affect system resources.

ACTIVE hackers
An active intruder attempts to change system resources, which can have an effect on their operation.

Security Objectives
• Identification
• Authentication
• Authorization
• Access Control
• Data Integrity
• Confidentiality
• Non-repudiation


Identification
• Something which uniquely identifies a user and is called UserID.
• Sometimes users can select their ID as long as it is not given to another user.
• UserID can be one or a combination of the following:
  – User Name
  – User Student Number

Authentication
• The process of verifying the identity of a user
• Typically based on
  – Something the user knows
    • Password
  – Something the user has
    • Key, smart card, disk, or other device
  – Something the user is
    • Fingerprint, voice, or retinal scans

• Authentication procedure
  – Two-Party Authentication
    • One-Way Authentication
    • Two-Way Authentication
  – Third-Party Authentication
    • Kerberos
    • X.509
  – Single Sign ON
    • User can access several network resources by logging on once to a security system.

[Figure: Two-Party Authentications. Client and Server. One-way Authentication: UserID & Password, Authenticated. Two-way Authentication: ServerID & Password, Authenticated.]

[Figure: Third-Party Authentications. Security Server. Client ID, Password, Authenticated. Server ID, Password, Authenticated. Client and Server: Exchange Keys, Exchange Data.]

Authorization
• The process of assigning access rights to a user

Access Control
• The process of enforcing access rights
• It is based on the following three entities
  – Subject
    • is an entity that can access an object
  – Object
    • is an entity to which access can be controlled
  – Access Right
    • defines the ways in which a subject can access an object.

• Access Control is divided into two
  – Discretionary Access Control (DAC)
    • The owner of the object is responsible for setting the access right.
  – Mandatory Access Control (MAC)
    • The system defines access right based on how the subject and object are classified.
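The DAC/MAC distinction above, as an added example that is not part of the original slides. The subjects, object name and classification levels are constructed, and the "no read up, no write down" rule used for MAC is a Bell-LaPadula style convention assumed here; the slides only say that the system decides from classifications.

```python
LEVELS = {"public": 0, "internal": 1, "secret": 2}   # constructed classification levels

class DacObject:
    """Object whose owner decides who gets which access right (DAC)."""
    def __init__(self, name, owner):
        self.name = name
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, granter, subject, right):
        # Only the owner may change the access rights of the object.
        if granter != self.owner:
            raise PermissionError(f"{granter} does not own {self.name}")
        self.acl.setdefault(subject, set()).add(right)

def dac_allows(obj, subject, right):
    """DAC decision: is the right present in the owner-maintained list?"""
    return right in obj.acl.get(subject, set())

def mac_allows(clearance, classification, right):
    """System-wide rule: no read up, no write down (assumed convention)."""
    subj, obj = LEVELS[clearance], LEVELS[classification]
    if right == "read":
        return subj >= obj
    if right == "write":
        return subj <= obj
    return False

def access(obj, label, subject, clearance, right):
    """Enforcement point: an owner's grant cannot override the MAC rule."""
    return mac_allows(clearance, label, right) and dac_allows(obj, subject, right)

if __name__ == "__main__":
    plan = DacObject("merger-plan", owner="alice")
    plan.grant("alice", "bob", "read")                        # owner's discretion
    print(dac_allows(plan, "bob", "read"))                    # DAC alone allows it
    print(access(plan, "secret", "bob", "internal", "read"))  # MAC: bob is not cleared
```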

Data Integrity
• Assurance that the data that arrives is the same as when it was sent.

Confidentiality
• Assurance that sensitive information is not visible to an eavesdropper. This is usually achieved using encryption.

Non-repudiation
• Assurance that any transaction that takes place can subsequently be proved to have taken place. Both the sender and the receiver agree that the exchange took place.


Security Mechanisms
• Web Security
• Cryptographic techniques
• Digital Signature
• Internet Firewalls

Web Security
• Basic Authentication
• Secure Socket Layer (SSL)

Basic Authentication
A simple user ID and password-based authentication scheme that provides the following:
  – To identify which user is accessing the server
  – To limit users to accessing specific pages (identified as Universal Resource Locators, URLs)
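A server-side sketch of the two functions listed above (identify the user, then limit which URLs that user may fetch), added here as an example and not taken from the original slides. The user store, passwords and URL table are constructed placeholders; note that the header carries the credentials only base64-encoded, so the scheme relies on an encrypted connection for confidentiality.

```python
import base64, binascii, hashlib, hmac

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store and URL table (placeholders for illustration).
USERS = {"alice": (b"salt-a", _hash("correct horse", b"salt-a")),
         "bob": (b"salt-b", _hash("hunter2-example", b"salt-b"))}
PAGES = {"/reports/": {"alice"}, "/public/": {"alice", "bob"}}

def basic_header(user, password):
    """What a client sends: base64 of 'user:password', encoded but not encrypted."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def authenticate(header):
    """Identify the user; the hash is computed even for unknown names."""
    creds = parse_basic(header)
    if creds is None:
        return None
    user, password = creds
    salt, stored = USERS.get(user, (b"none", b""))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return user if ok and user in USERS else None

def handle(path, header):
    """401 = not identified, 403 = identified but page not allowed, 200 = served."""
    user = authenticate(header)
    if user is None:
        return 401
    allowed = any(path.startswith(prefix) and user in users
                  for prefix, users in PAGES.items())
    return 200 if allowed else 403

if __name__ == "__main__":
    hdr = basic_header("bob", "hunter2-example")
    print(handle("/public/index.html", hdr), handle("/reports/q1.html", hdr))
```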

Secure Socket Layer (SSL)
• Netscape Inc. originally created the SSL protocol, but now it is implemented in World Wide Web browsers and servers from many vendors. SSL provides the following:
  – Confidentiality through an encrypted connection based on symmetric keys
  – Authentication using public key identification and verification
  – Connection reliability through integrity checking
• There are two parts to the SSL standard, as follows:
  – The SSL Handshake is a protocol for initial authentication and transfer of encryption keys.
  – The SSL Record protocol is a protocol for transferring encrypted data.

CRYPTOGRAPHY
Cryptography refers to the science and art of transforming messages to make them secure and immune to attacks.

Digital Signature
A digital signature is a cryptographic mechanism that performs a similar function to a written signature. It is used to verify the originator and contents of the message.

Internet Firewall
• A firewall controls traffic flow between networks.
• A firewall uses the following techniques:
  – Packet Filters
  – Application Proxy
  – Secure Tunnel
  – Screened Subnet Architecture

Packet Filtering
• Most commonly used firewall technique
• Operates at IP level
• Checks each IP packet against the filter rules before passing (or not passing) it on to its destination.
• Very fast compared with other firewall techniques
• Hard to configure

[Figure: Non-Secure Network, Packet Filtering Server, Secure Network]

Application Proxy
• Application Level Gateway
• The communication steps are as follows
  – User connects to proxy server
  – From proxy server, user connects to destination server
• Proxy server can provide
  – Content Screening
  – Logging
  – Authentication

[Figure: Non-Secure Network, Proxy Server (Telnetd / Telnet), Secure Network]

Secure IP Tunnel
• A secure channel between the secure network and an external trusted server through a non-secure network (e.g., Internet)
• Encrypts the data between the Firewall and the external trusted host
• Also provides identification of the session partners and the messages' authenticity

Screened Subnet Architecture
• The DMZ (perimeter network) is set up between the secure and non-secure networks
• It is accessible from both networks and contains machines that act as gateways for specific applications

Firewall Conclusion
• Not the complete answer
• The fox is inside the henhouse
• Host security + User education
• Cannot control back door traffic
• Any dial-in access
• Management problems
• Cannot fully protect against new viruses
• Antivirus on each host machine
• Needs to be correctly configured
• The security policy must be enforced
